Contributor I

Finding Expired Certificates

We run an EAP/TLS wireless network. As such, we have certificates which expire on a regular basis. There is a not very small population of users who never notice that their certificate expired.


I *do* see RADIUS failures in CPPM Access Tracker with the RADIUS alert of:

EAP-TLS: fatal alert by server - certificate_expired
TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session

Is there any easy way to get a report on failed EAP-TLS transactions with a "certificate_expired" message from ClearPass?

Benjamin J. Higgins (’97)
Worcester Polytechnic Institute
Guru Elite

Re: Finding Expired Certificates

This would likely require a custom report from TAC for Insight.

Also, we recommend you create a policy rule that looks for certificates that will be expiring in the near term to drop them into a captive portal to re-enroll.

Tim Cappalli | Aruba Security | @timcappalli

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
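
A sketch of the report asked about in the question, as an added example that is not part of the original posts and is not ClearPass or Insight functionality. It assumes the failed requests have been exported to CSV with the hypothetical columns `timestamp`, `username`, `mac` and `alert`, and it tallies the clients whose alert contains the `certificate_expired` string quoted above.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Alert substring taken from the Access Tracker output quoted in the question.
ALERT_MARKER = "certificate_expired"

# Constructed sample export; the column names are assumptions, not a ClearPass format.
SAMPLE_CSV = """\
timestamp,username,mac,alert
2024-03-01 08:15:02,alice,AA-BB-CC-00-00-01,EAP-TLS: fatal alert by server - certificate_expired
2024-03-01 08:15:40,bob,aa-bb-cc-00-00-02,EAP-TLS: fatal alert by server - unknown_ca
2024-03-01 09:02:11,Alice,aa-bb-cc-00-00-01,EAP-TLS: fatal alert by server - certificate_expired
2024-03-02 07:45:00,carol,aa-bb-cc-00-00-03,EAP-TLS: fatal alert by server - certificate_expired
2024-03-02 07:50:00,dave,aa-bb-cc-00-00-04,
"""

def load_rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def expired_cert_report(rows):
    """Return (username, mac, failures, first_seen, last_seen) per affected client."""
    seen_by_client = defaultdict(list)
    for row in rows:
        # Skip successes and failures caused by anything other than expiry.
        if ALERT_MARKER not in (row.get("alert") or ""):
            continue
        when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        # Normalise case so one client is not counted as two.
        key = (row["username"].strip().lower(), row["mac"].strip().lower())
        seen_by_client[key].append(when)
    report = [
        (user, mac, len(times), min(times), max(times))
        for (user, mac), times in seen_by_client.items()
    ]
    # Most frequent failures first, then alphabetical for stable output.
    report.sort(key=lambda r: (-r[2], r[0]))
    return report

if __name__ == "__main__":
    for user, mac, count, first, last in expired_cert_report(load_rows(SAMPLE_CSV)):
        print(f"{user:10} {mac}  failures={count}  first={first}  last={last}")
```
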